22814f0cdc05c7a7e4a4b43da750592db996f44b915a10ca7142b65323405ae0

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 04:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0f21491c6a5705a34bc1d307fc7b2f5e.exe
Size

1.1MB
MD5

0f21491c6a5705a34bc1d307fc7b2f5e
SHA1

1f426597dba88e01ba10b832c7a3fc57f8633c78
SHA256

22814f0cdc05c7a7e4a4b43da750592db996f44b915a10ca7142b65323405ae0
SHA512

9ab4b5e1fccce47618a7eb4fafcc9e20c8903b9143855948e9c3d49f99ee84c69e68ae57ab6606c276256d39a064e5082d546c28b2966ab4c944c7579f6e6101
SSDEEP

24576:LWvknOMEfrbGqXx8u5LWAKDvNPHJ3Em/1V+VqyxJ8SaBtIztw:LUeOMmeqWWpKDvNPHBEamVbsNz

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1832	Setup.exe

Loads dropped DLL 4 IoCs

pid	Process
2924	0f21491c6a5705a34bc1d307fc7b2f5e.exe
1832	Setup.exe
1832	Setup.exe
1832	Setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 9 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND\Setup.exe = "0"	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS\Setup.exe = "1"	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\Setup.exe = "0"	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND	Setup.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2924 wrote to memory of 1832	2924	0f21491c6a5705a34bc1d307fc7b2f5e.exe	29
PID 2924 wrote to memory of 1832	2924	0f21491c6a5705a34bc1d307fc7b2f5e.exe	29
PID 2924 wrote to memory of 1832	2924	0f21491c6a5705a34bc1d307fc7b2f5e.exe	29
PID 2924 wrote to memory of 1832	2924	0f21491c6a5705a34bc1d307fc7b2f5e.exe	29
PID 2924 wrote to memory of 1832	2924	0f21491c6a5705a34bc1d307fc7b2f5e.exe	29
PID 2924 wrote to memory of 1832	2924	0f21491c6a5705a34bc1d307fc7b2f5e.exe	29
PID 2924 wrote to memory of 1832	2924	0f21491c6a5705a34bc1d307fc7b2f5e.exe	29

C:\Users\Admin\AppData\Local\Temp\0f21491c6a5705a34bc1d307fc7b2f5e.exe
"C:\Users\Admin\AppData\Local\Temp\0f21491c6a5705a34bc1d307fc7b2f5e.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2924
- C:\Users\Admin\AppData\Local\Temp\a2oO2w38qK\YyaPLA4U\Setup.exe
  C:\Users\Admin\AppData\Local\Temp\a2oO2w38qK\YyaPLA4U\Setup.exe --relaunch
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies Internet Explorer settings
  PID:1832

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\a2oO2w38qK\YyaPLA4U\Setup.exe

Filesize
1024KB

MD5
b9579c4cf68eb75393be5ab257bc7661

SHA1
b27a3ed6e34d92d4833c91b8a81a1132e2ad1146

SHA256
b0b914fc37cd43c3daedd70f5e8c16fc0d55910c9a8f6ee230a3e65122f8ee5a

SHA512
fc31f39a00c16fa62978393e65e162f320a891f029bdbcc843adc03a6bd215ac47614774792413c7dd2c976d91084c2094b43b76b752830109462b5d9dfa0d82

Download Submit
\Users\Admin\AppData\Local\Temp\a2oO2w38qK\YyaPLA4U\Setup.exe

Filesize
1.1MB

MD5
0f21491c6a5705a34bc1d307fc7b2f5e

SHA1
1f426597dba88e01ba10b832c7a3fc57f8633c78

SHA256
22814f0cdc05c7a7e4a4b43da750592db996f44b915a10ca7142b65323405ae0

SHA512
9ab4b5e1fccce47618a7eb4fafcc9e20c8903b9143855948e9c3d49f99ee84c69e68ae57ab6606c276256d39a064e5082d546c28b2966ab4c944c7579f6e6101

Download Submit
\Users\Admin\AppData\Local\Temp\a2oO2w38qK\YyaPLA4U\Setup.exe

Filesize
64KB

MD5
3b151b81ea6729451fcfbb7e77abbdbd

SHA1
8a9d4def8894c0d0277cb6674f529ce25e2cdac7

SHA256
aab4a17100b1a807ab312d482e4cb5f633940895f9afe47f3e194b5284e1adcd

SHA512
495f54a57f4d0edf34e51f8d1e70bc1143e0606510ae3ff596740397891ea2a0648adf853d5e0bd2d4edb9c954677e3cffd3308df16aaa54a0df88c6681d990b

Download Submit
memory/1832-624-0x0000000000B90000-0x0000000000C8E000-memory.dmp

Filesize
1016KB

Download
memory/1832-843-0x0000000000B90000-0x0000000000C8E000-memory.dmp

Filesize
1016KB

Download
memory/2924-24-0x0000000001E10000-0x0000000001F0E000-memory.dmp

Filesize
1016KB

Download
memory/2924-43-0x0000000001E10000-0x0000000001F0E000-memory.dmp

Filesize
1016KB

Download
memory/2924-37-0x0000000001E10000-0x0000000001F0E000-memory.dmp

Filesize
1016KB

Download
memory/2924-7-0x0000000001E10000-0x0000000001F0E000-memory.dmp

Filesize
1016KB

Download
memory/2924-9-0x0000000001E10000-0x0000000001F0E000-memory.dmp

Filesize
1016KB

Download
memory/2924-8-0x0000000000400000-0x000000000051EB14-memory.dmp

Filesize
1.1MB

Download
memory/2924-10-0x0000000001E10000-0x0000000001F0E000-memory.dmp

Filesize
1016KB

Download
memory/2924-11-0x0000000001E10000-0x0000000001F0E000-memory.dmp

Filesize
1016KB

Download
memory/2924-12-0x0000000001E10000-0x0000000001F0E000-memory.dmp

Filesize
1016KB

Download
memory/2924-13-0x0000000001E10000-0x0000000001F0E000-memory.dmp

Filesize
1016KB

Download
memory/2924-14-0x0000000001E10000-0x0000000001F0E000-memory.dmp

Filesize
1016KB

Download
memory/2924-15-0x0000000001E10000-0x0000000001F0E000-memory.dmp

Filesize
1016KB

Download
memory/2924-16-0x0000000001E10000-0x0000000001F0E000-memory.dmp

Filesize
1016KB

Download
memory/2924-17-0x0000000001E10000-0x0000000001F0E000-memory.dmp

Filesize
1016KB

Download
memory/2924-19-0x0000000075AC0000-0x0000000075BD0000-memory.dmp

Filesize
1.1MB

Download
memory/2924-20-0x0000000001E10000-0x0000000001F0E000-memory.dmp

Filesize
1016KB

Download
memory/2924-18-0x0000000001E10000-0x0000000001F0E000-memory.dmp

Filesize
1016KB

Download
memory/2924-21-0x0000000001E10000-0x0000000001F0E000-memory.dmp

Filesize
1016KB

Download
memory/2924-22-0x0000000001E10000-0x0000000001F0E000-memory.dmp

Filesize
1016KB

Download
memory/2924-23-0x0000000001E10000-0x0000000001F0E000-memory.dmp

Filesize
1016KB

Download
memory/2924-28-0x0000000001E10000-0x0000000001F0E000-memory.dmp

Filesize
1016KB

Download
memory/2924-29-0x0000000001E10000-0x0000000001F0E000-memory.dmp

Filesize
1016KB

Download
memory/2924-30-0x0000000001E10000-0x0000000001F0E000-memory.dmp

Filesize
1016KB

Download
memory/2924-31-0x0000000001E10000-0x0000000001F0E000-memory.dmp

Filesize
1016KB

Download
memory/2924-27-0x0000000001E10000-0x0000000001F0E000-memory.dmp

Filesize
1016KB

Download
memory/2924-32-0x0000000001E10000-0x0000000001F0E000-memory.dmp

Filesize
1016KB

Download
memory/2924-26-0x0000000001E10000-0x0000000001F0E000-memory.dmp

Filesize
1016KB

Download
memory/2924-25-0x0000000001E10000-0x0000000001F0E000-memory.dmp

Filesize
1016KB

Download
memory/2924-33-0x0000000001E10000-0x0000000001F0E000-memory.dmp

Filesize
1016KB

Download
memory/2924-0-0x0000000001E10000-0x0000000001F0E000-memory.dmp

Filesize
1016KB

Download
memory/2924-34-0x0000000001E10000-0x0000000001F0E000-memory.dmp

Filesize
1016KB

Download
memory/2924-35-0x0000000001E10000-0x0000000001F0E000-memory.dmp

Filesize
1016KB

Download
memory/2924-2-0x0000000000400000-0x000000000051EB14-memory.dmp

Filesize
1.1MB

Download
memory/2924-1-0x0000000001E10000-0x0000000001F0E000-memory.dmp

Filesize
1016KB

Download
memory/2924-46-0x0000000001E10000-0x0000000001F0E000-memory.dmp

Filesize
1016KB

Download
memory/2924-42-0x0000000001E10000-0x0000000001F0E000-memory.dmp

Filesize
1016KB

Download
memory/2924-41-0x0000000001E10000-0x0000000001F0E000-memory.dmp

Filesize
1016KB

Download
memory/2924-44-0x0000000001E10000-0x0000000001F0E000-memory.dmp

Filesize
1016KB

Download
memory/2924-45-0x0000000001E10000-0x0000000001F0E000-memory.dmp

Filesize
1016KB

Download
memory/2924-47-0x0000000001E10000-0x0000000001F0E000-memory.dmp

Filesize
1016KB

Download
memory/2924-48-0x0000000001E10000-0x0000000001F0E000-memory.dmp

Filesize
1016KB

Download
memory/2924-39-0x0000000001E10000-0x0000000001F0E000-memory.dmp

Filesize
1016KB

Download
memory/2924-40-0x0000000001E10000-0x0000000001F0E000-memory.dmp

Filesize
1016KB

Download
memory/2924-38-0x0000000001E10000-0x0000000001F0E000-memory.dmp

Filesize
1016KB

Download
memory/2924-36-0x0000000001E10000-0x0000000001F0E000-memory.dmp

Filesize
1016KB

Download
memory/2924-49-0x0000000001E10000-0x0000000001F0E000-memory.dmp

Filesize
1016KB

Download
memory/2924-51-0x0000000001E10000-0x0000000001F0E000-memory.dmp

Filesize
1016KB

Download
memory/2924-53-0x0000000001E10000-0x0000000001F0E000-memory.dmp

Filesize
1016KB

Download
memory/2924-52-0x0000000001E10000-0x0000000001F0E000-memory.dmp

Filesize
1016KB

Download
memory/2924-54-0x0000000001E10000-0x0000000001F0E000-memory.dmp

Filesize
1016KB

Download
memory/2924-55-0x0000000001E10000-0x0000000001F0E000-memory.dmp

Filesize
1016KB

Download
memory/2924-56-0x0000000001E10000-0x0000000001F0E000-memory.dmp

Filesize
1016KB

Download
memory/2924-57-0x0000000001E10000-0x0000000001F0E000-memory.dmp

Filesize
1016KB

Download
memory/2924-50-0x0000000001E10000-0x0000000001F0E000-memory.dmp

Filesize
1016KB

Download
memory/2924-58-0x0000000001E10000-0x0000000001F0E000-memory.dmp

Filesize
1016KB

Download
memory/2924-59-0x0000000001E10000-0x0000000001F0E000-memory.dmp

Filesize
1016KB

Download
memory/2924-61-0x0000000001E10000-0x0000000001F0E000-memory.dmp

Filesize
1016KB

Download
memory/2924-66-0x0000000001E10000-0x0000000001F0E000-memory.dmp

Filesize
1016KB

Download
memory/2924-65-0x0000000001E10000-0x0000000001F0E000-memory.dmp

Filesize
1016KB

Download
memory/2924-64-0x0000000001E10000-0x0000000001F0E000-memory.dmp

Filesize
1016KB

Download
memory/2924-63-0x0000000001E10000-0x0000000001F0E000-memory.dmp

Filesize
1016KB

Download
memory/2924-62-0x0000000001E10000-0x0000000001F0E000-memory.dmp

Filesize
1016KB

Download
memory/2924-60-0x0000000001E10000-0x0000000001F0E000-memory.dmp

Filesize
1016KB

Download
memory/2924-203-0x0000000001E10000-0x0000000001F0E000-memory.dmp

Filesize
1016KB

Download
memory/2924-852-0x0000000075AC0000-0x0000000075BD0000-memory.dmp

Filesize
1.1MB

Download
memory/2924-853-0x0000000001E10000-0x0000000001F0E000-memory.dmp

Filesize
1016KB

Download